Physical Security Risk: know how to assess it

 

Many small to medium sized business (and even large enterprise businesses)  and government, have limited budgets, let alone spending a lot on risk and security.

Before you do go and spend a lot of capital on risk and security mitigation measures (aka security cameras, access control, bars and locks, lighting, training, fencing, etc.), you need to know what you’re buying for.

That is, you need to know what risks you are addressing.

Risk dial

Having a Risk Assessment completed on your municipality narrows the focus of your spending and aligns your purchasing with the specific types of risk and security mitigation measures you need.

To get a little technical…Risk assessment is the overall process of risk identification, risk analysis and risk evaluation. It involves the process of identifying internal and external threats and vulnerabilities, identifying the probability and impact of an event arising from such threats or vulnerabilities, defining critical functions necessary to continue the organization’s operations, defining the controls in place necessary to reduce exposure and evaluating the cost of such controls.

That is a mouthful. Let us break this down a bit.

If you have a threat, but there is no vulnerability, then there is no risk.

If you have a vulnerability but no threat, no risk.

Perhaps something many can relate to, you went online and purchased some products, and they are set to be delivered to your home. And no, we are not going to discuss online security…a topic for another day perhaps.

The packages are delivered to your home. But because of your daily routine, errands, off to the office, or shop, you are not always home. The shiny object is the packages just delivered. The vulnerability or sometimes referred to as a gap, is you are not home, and the packages now sit on your front step unattended. The threat, someone will take those packages right from your front step.

So, going back to the assessment. The key is once you know what your largest threats are (and yes you need to be able to determine that), it is important that you take action (implement risk and security mitigation measures) to lower your vulnerability.

Why not eliminate the vulnerability?

Great question, thanks for asking.

Eliminating the vulnerability may not always be possible.

Some business sectors and industries simply have built-in threats. But, if we focus on lowering the vulnerability, we lower the risk of a loss.

The assessment is complete, and we have identified risks. The next important step is finding the risk and security measures that are going to be the most effective in mitigating the identified risk. These measures come in all different shapes and sizes, video surveillance, locks and safes, lighting, security focused training, etc.

Where in doubt, reach out to us or find your trusted Independent Risk and Security consultant.

Yes, we highlighted Independent. That is definitely a topic for another day.

It all starts with a conversation.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

 

Share

Municipalities Build Back Better With Whole Person Care

 

 

 

 

 

 

 

 

There is a lot of talk about a Build Back Better approach in our communities during the Covid 19 pandemic.  One strategy that helps address those in need is a Whole Person Care approach using a digital platform to collect and measure outcomes for wrap around programs which can be fully funded under the new Canada Healthy Communities Initiative.

With the arrival of Covid 19, the amount spent on healthcare is increasing in every community. While the amount invested in healthcare is increasing, municipalities are spending up to 25% of their healthcare costs to support non-value add aspects in their healthcare system. Value-based care models help optimize what is spent to get the best outcomes. How do communities do more with less as Covid 19 increases health and economic risk? In the short term we will need to work together with what we have and find ways to get better outcomes for less.

We know that Covid 19 is accelerating value-based healthcare approach in communities. Whole-person care is not far behind.

Whole person care describes a wrap around approach that addresses complete physical health, behavioral health and social wellbeing. Communities that work together as a team to provide care for individuals with poorly managed conditions including diabetes, heart disease, obesity and COPD are better equipped to improve health outcomes for less. Helping to manage care for this population most at risk relies on seamless information exchange, tele-health, care co-ordination and consumer engagement. All of these conditions are closely related to the social determinants of health.

Post acute care including home health, hospice and senior living facilities and human service including community mental health centers, addiction treatment centers and social service agencies in every community need to have the technology and skills to work as equal partners. Every community now has a chance to build back better with whole person care. 

Whole person care gets even better when amplified with data science and analytics that are driven with a prescriptive approach to patient care. To prepare our communities to deliver better outcomes during the pandemic, municipalities need to look at systems that offer interoperability – a framework that supports bidirectional exchange of data across systems and providers of care, a network to network bridge, policy agreements, discrete data and support for client consent and sharing that consent with others.

Consumer engagement with a patient portal makes it easier for hospitals and physicians to work with clients. Automated referrals, tele-health and patient information integration create a public care eco-system that serves the public in Covid 19 times. Building Back Better with the help of funding from the Canada Healthy Community Initiative makes it possible to accelerate the care you need in every community. Let us know if you need help with your digital transformation as you build back better in your community.

 

Learn more: Contact Athena Software

 

Share

Do you know what you want or need?

It is important that you know what you are asking for…so that it’s not risky.

You have asked for an Assessment. Stakeholders are concerned about security. Is the goal to look to identify your Security Risks, Threats, Consequences or Vulnerabilities? Or all of them? Collectively, there is a formula for that.

Risk = Threats + Consequences + Vulnerability

Do not be taken in by someone who says all assessments are the same.  A risk assessment, threat assessment, vulnerability assessment, security audit or even a business impact analysis are not the same as each other.

Square peg, round hole.

A Threat assessment looks to understand what entities may have an interest in creating a security concern or problem for your organization.

A Security Audit is a validation or verification that security measures that are currently in place are actually in place and doing what they intended to do. This audit focuses specifically on the effectiveness of security and determines if a known vulnerability is being addressed. It does not measure risk.

Vulnerability Assessments look to understand both consequences and vulnerabilities. Threats however within a vulnerability assessment are assumed to be at a high level. At the end of a Vulnerability assessment organizations quite often implement increased security measures to address the vulnerabilities and lower the consequences. This happens because the level of threat and the probability of an occurrence from happening is not actually analyzed.

The Consequence focused Business Impact Analysis identifies the most critical of assets to an organization and sets out to build resiliency around these identified assets, most commonly as a business continuity plan.  Business Impact Analyses do not address threats or vulnerability.

The Risk Assessment is the most effective means of determining security adequacy as it considers all three elements of risk – threat, vulnerability, and consequence.  A Risk assessment should be the methodology of choice if you are seeking to determine your security adequacy and avoid the potential pitfalls of not having all of the information.

But all is not lost. It is okay if your organization needs to only conduct one or several of the assessments mentioned above. There may be cause for you to do one assessment over another, resulting in a more intimate understanding of that particular assessments output.

We can assist your organization in determining which of these assessments is best for you given your organization’s current security risk landscape.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

An Artist’s Eye to Risk & Security Program Success

 

 

Michelangelo famously created the sculpture David and JK Rowling famously revealed characters that already existed. Two completely different types of artists and art.

But how did Michelangelo actually approach this masterpiece? Did he take a stone and begin to carve, and David was eventually the result, or did he know that David was already in the stone and he had to carve away the waste to reveal him? JK Rowling did the latter.

Which approach applies to your organization?

Do you work to reveal the security practices that are already intuitively imbedded by hard working staff doing the right thing and expand on these, or realize that you need to start fresh and create something new?

Let us take a look. Your organization is well established. Many operational and strategic programs and processes are in place. But your now are faced with ramping up your security program. Create policies, procedures, establish the

With both approaches your personnel, all personnel, security or otherwise play the most significant part in the immediate and continued success of your Risk & Security program.

At a high level view, your Risk & Security program has 3 major components;

  1. Plans/Procedures: you need purpose, direction, and accountability
  2. Hard/Soft tools: software, hardware, technical systems…such as cameras, card access, etc.
  3. And the third piece that actually holds it all together and makes it work, people (personnel).

Of course, while the various plans/procedure, technical systems and devices assist in the assurance of security – it all ultimately boils down to personnel.

But they don’t just get there on their own.

There needs to be a commitment within your program to educate, cooperate, and involve personnel to be successful.

Not sure where to begin? We can help.

It all starts with a conversation.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Check please!

Is your security risk management, business continuity and any other resilience program you have simply to prove you have one? Check the box, so to speak? It’s perhaps stable, reliable, unchanging?

Then you have a problem. You’re doing it wrong.

You’re doing it wrong.

You’re programs should be designed to generate improvements. There should be a built-in restart, of the assessment process. The cycle should ensure improvements re-align to the overall business objectives. Your improvements should replace those areas of the program that don’t work, are unnecessary, and need revitalization.

We can help. We can help get your program from simply sustaining itself to regenerating, restarting, re-aligning, replacing, and revitalizing itself so that it works when needed; so that it works for you. We can help get your program working for you.

It starts with a conversation.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Immunity

 

No individual, no organization, no place is completely immune from some form of a disruptive event. Pandemics, epidemics, financial and government unrest, terrorism, on top of the myriad of natural disasters and the consequences of those events that countries, states, provinces, cities, large enterprise, and small/medium business all could experience.

With these disruptive events, all of the aforementioned entities have difficult decisions to make with regards to their investment into response (and to what level of response), what level of security, what level of operational capability do they need during and immediately after these type of events and others.

How do we reduce the impact of disruptive events?

Invest in enhancing resilience. Organizations require the ability to prepare and plan, absorb and recover for and from disruptive events.

Building resilience, maintaining resilience, staying resilient.

Being resilient, allows organizations to be better equipped to anticipate disruptive events with the expectation that losses are reduced.

Disruptive events will continue. A proactive approach to enhancing your organization’s resiliency will reduce the economic, reputational, and operational affects that disruptive events can cause.

It all starts with a conversation.

We can Help. We’ve helped organizations enhance their resiliency, and will continue to do so with a collaborative approach and transparent communication.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Risk Complacency

Why should you have a cyclical strategy to your risk and security?

Risk Complacency. You run the risk of being complacent. The one man-made hazard that is probably the easiest to avoid and the largest threat to any sized business, organization, government, event, institution, and book club. Okay, maybe not the book club.

 

So, what happened?

It was quiet. It was nice, there was a sense of security. Unfortunately, that feeling is usually supplemented with a lack of awareness. A lack of awareness of threats, dangers to your organization, those deficiencies that slowly creep up but yet can quickly hammer down all the previous work.

Plan out the work to get your organization on a cyclical strategy to address, manage and mitigate your risk and security threats.

Once planned out. Execute the plan. Do what you say you are going to do…and don’t stop.

Need help? We can Help.

It starts with a conversation.

As we say…Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Do Not Lose Focus

Let us not forget about all the other risks & threats that kept us up at night before the threat of the pandemic landed on our doorsteps.

Yes, the response to the pandemic is important.  Unfortunately, there are other risks & threats that still exist.  

Do not lose focus.

Organizations now more than ever need to be able to strike a balance with multiple focal points whist executing their emergency response, risk & security, business continuity plans.

Stay organized.  Stay Sharp.

We can Help.

Plan the Work.  Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Pandemic/Epidemic Business toolKIT

We are deeply focused on keeping your employees, customers, and suppliers safe while working, visiting, or conducting business at your facilities and supporting your business operations.

The Michael White Group International and Hilt International Security have partnered together in order to create a dynamic resource that is continuously growing, developing, and being  revised to keep you informed of the latest requirements, new best practices, and procedures.

As we all continue to navigate our  ‘new normal’, we have tapped into our global resources to develop a toolKIT that lays out processes to raise awareness of new health and well-being protocols and potentially helpful practices for cross-functional teamwork, operating discipline, and training for employees.

While it is not a one-size-fits-all approach, the Pandemic/Epidemic Business toolKIT includes practical recommendations, based on guidelines from Health Canada and World Health Organization, that could be tailored for different  businesses (when required) to address various scenarios they may face when returning to work. Regular updates will be made to the toolKIT based on real-time feedback. The toolkit covers a wide range of topics, including:

•      Step-by-step guides for setting up a pandemic response team

•      Cleaning and disinfection procedures

•      Staggering shifts and lunch breaks and other physical distancing strategies

•      On-site health screening

•      Protocols for isolating employees who become ill at work

•      & more.

This has been a difficult time for everyone, and re-establishing a workplace where employees feel comfortable performing their jobs safely is a multi-faceted challenge. It is our hope that by developing and providing this resource we can help your organization accomplish and adapt to the new operating protocols in today’s still ever challenging conditions.

Should your Municipality be open to exploring the need, whilst accessing our  toolKIT to assist you during  the re-opening, and re-populating of your facilities, contact Michael White Group International today, and in partnership with Hilt International Security we will be happy to assist.

 

 

Share

Ensuring Due Diligence and Cost-Effectiveness While Working on a Budget and Under the Public Microscope.

Staff Training – Bylaw Officer Training and Accreditation.

Ensuring due diligence and cost effectiveness while working on a budget and under the public microscope.

As a court recognized “Subject Matter Expert” (S.M.E.) in the training of Provincial Officers, Bylaw Officers and Police Officers, I am often called to testify as to what is or isn’t an acceptable level of training and give opinions on policy and procedural issues surrounding enforcement.

In a series of coming articles I will discuss a number of different issues surrounding the training and operational deployment of Bylaw Officers, particularly Parking Bylaw, Animal Control and General Duties Bylaw Officers/Inspectors within Municipalities. This will include comments on standards (best practices) and what constitutes proper due diligence.

To train or not to train; this is the question!

In the words of the ancient Huna tradition: “In all things you must pay attention, or you will pay later with pain.” Ouch.

My quote is this: “There is only one thing more painful that training someone and they leave; and that is that you don’t train them and they stay.” Free advice from a guy who in court a lot and seen the outcomes.

Here are a few facts before we start just for context:

1. There is NO mandatory training required by legislation in most Provinces or Territories in Canada
to become a general duties Bylaw or Municipal Bylaw Enforcement Officer appointed to enforce Parking,
Property Standards or Animal Control. (Building Inspectors and other specialty trades do have standards and
training.)

2. There is also NO government mandated course training standard for “certification,” or “accreditation” for
non-college delivered courses. Colleges must meet the requirements of their legislation in order to issue
“certificates of achievement” to graduates. There is no consistency within college programs and courses can
vary in length and cost. No two courses deliver the same identical content even if they carry the same
module/content names.

3. Bylaw Officer training courses are currently offered to the public via Colleges or by *private vendors in
addition to any job specific courses delivered in house by the employer. (* Provincial Associations training
programs are included as private vendors as they are not a sanctioned arm of the government nor usually
listed as private career colleges.)

4. ANY training is only as good as the credentials of the instructor who teaches it and the content they teach.
Beware of anyone who calls themselves an “expert.” Only the courts can designate someone as a Subject Matter
Expert. If credentials are questioned, they must be proven credible to be accepted.
Content that is not kept up to date by a qualified person can be both useless and get officers into legal
trouble. Content updates should take place annually.

5. Beware of labels and semantics. The term “Municipal Law Enforcement Officer” or M.L.E.O. is a term that is
sourced within the Ontario Police Services Act. It is used in Ontario only. Other Provinces use the term
“Bylaw Officer” or use other terms. Legal terms are found within each Province or Territories enabling
legislation. “Provincial Offenses Officer” (P.O.O.)is a term sourced in the Ontario Provincial Offenses Act.
Officers that we train for Provincial Ministries or other agencies who are not necessarily Municipal Bylaw
Officers, get their appointments from this Act.
Changing the name does not change the facts surrounding their duties. “Regulatory Compliance Officer,”
“Inspector,” or any other made up term to describe a Bylaw Officer or M.L.E.O. doesn’t change their
appointment status or their authorities to act within law.

6. All Police Officers are also appointed as P.O.O.’s and M.L.E.O.’s in Ontario. In some cases they are the
only source of Bylaw enforcement in smaller communities but in others this is left entirely to the local
Bylaw officers or even outsourced, contracted, security guards or private agencies. It is therefore common
sense that the same academic content taught to the police should be taught within a properly vetted course
to Bylaw Officers in context.

Regardless of which Province or Territory you live in, staff need a core level of academic knowledge and
skills competencies that a properly vetted course can provide. In many cases, but not all, Municipalities
offer further training or supply additional certification specific to appointments. Some only accept Law and
Security or Police Foundations college graduates then don’t give them any further training at all. I can’t
begin to tell you how dangerous a practice this is for many reasons.

For further details regarding accreditation within your area, please visit our website https://burgessandassoc.com/courses/municipal-provincial-officers/bylaw-officer-core-competency-training-course or https://burgessandassoc.com/courses/municipal-provincial-officers/parking-enforcement-officer-course

Share